[Bug 275002] if_wg: Missing failure check for m_copyback()
Date: Fri, 10 Nov 2023 03:01:13 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275002
Bug ID: 275002
Summary: if_wg: Missing failure check for m_copyback()
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: aly@aaronly.me
Well, the m_copyback() may need to allocate new mbufs in order to hold the
data, so the allocation may fail because it uses the 'M_NOWAIT' flag and
doesn't provided any parameter to use the 'M_WAITOK' flag for allocation. (For
the reference, OpenBSD extended m_copyback() to have the extra 'how' parameter
for this purpose.)
As a consequence, the caller should check the resulting packet length for
m_copyback() failure. Below is the patch to 'if_wg.c' function
'wg_send_buf()', please review.
--- if_wg.c.orig 2023-10-12 09:06:16.983637264 +0800
+++ if_wg.c 2023-10-21 15:29:47.928807521 +0800
@@ -911,6 +911,11 @@ retry:
goto out;
}
m_copyback(m, 0, len, buf);
+ if (m->m_pkthdr.len != len) {
+ m_freem(m);
+ ret = ENOMEM;
+ goto out;
+ }
if (ret == 0) {
ret = wg_send(sc, e, m);
--
You are receiving this mail because:
You are the assignee for the bug.